• DDoS Mitigation

  • Imagine a shopping mall. By definition, anybody can enter the mall and then browse the shops. It is public. The shops are expecting people to come by, look at the displays, maybe enter and then buy things.

    In the mall, there is a shopkeeper, who sells, say, computers. Let’s call him Jim. He wants people to come by and see the computers and be enticed into buying them. Jim is the nice guy in our story.

    Let there be Bob. Bob is a disgruntled nihilist who hates Jim. Bob would go to great lengths to make Jim unhappy, e.g. disrupting Jim’s business. Bob does not have many friends, but he is smart, in his own twisted way. One day, Bob spends some money to make the local newspaper publish an ad; the ad states, in big fonts and vivid colours, that Jim runs a great promotion at the occasion of his shop’s tenth birthday: the first one hundred customers who enter the shop will receive a free iPad. In order to cover his tracks, Bob performs his dealings with the newspaper under the pseudonym of “bob” (which is his name, but spelled backwards).

    The next day, of course, the poor Jim is submerged by people who want a free iPad. The crowd clogs Jim’s shop but also a substantial part of the mall, which becomes full of disappointed persons who begin to understand that there is no such thing as a free iPad. Their negativeness makes them unlikely to buy anything else, and in any way they cannot move because of the press of the crowd, so business in the mall stops altogether. Jim becomes highly unpopular, with the ex-iPad-cravers, but also with his shopkeeper colleagues. Bob sniggers.

    At this point, Jim contacts the mall manager Sarah. Sarah decides to handle the emergency by calling the firemen. The firemen come with their shining helmets, flashing trucks, screaming sirens and sharp axes, and soon convince the crowd to disperse. Then, Sarah calls her friend Gunther. Gunther is a son of German immigrants, a pure product of the US Melting Pot, but more importantly he is a FBI agent, in charge of the issue. Gunther is smart, in his own twisted way. He contacts the newspaper, and is first puzzled, but then has an intuitive revelation: ah-HA! “bob” is just “Bob” spelled backwards ! Gunther promptly proceeds to arrest Bob and send him meet his grim but legal fate before the county Judge.

    Finally, in order to avoid further issues with other nihilists who would not be sufficiently deterred by the vision of Bob’s dismembered corpse put on display in front of the mall, Sarah devises a mitigation measure: she hires Henry and Herbert, two mean-looking muscular young men, and posts them at the mall entries. Henry and Herbert are responsible for blocking access should a large number of people try to come in, beyond a given threshold. If a proto-Bob strikes again, this will allow the management of the problem on the outside, in the parking lot, where space is not lacking and crowd control much easier.

    Morality: a DDoS cannot be prevented, but its consequences can be mitigated by putting proactive measures, and perpetrators might be deterred through the usual, historically-approved display of muscle from law enforcement agencies. If botnets become too easy to rent, predictable consequences include increased police involvement, proactive authentication of users at infrastructure level, shutting off of the most disreputable parts of the network (in particular Internet access for the less cooperative countries), and a heavy dose of disgruntlement and sadness at the loss of a past, more civilized age.